Key online safety measures and status
 

Key online safety measures

Status

Additional commentary regarding status

Online Safety Act (2023 ) >

Law

Received Royal Assent on 26 October 2023.

Consists of framework of statutory duties to be supplemented by secondary legislation and Codes of Practice.

Phased approach to application of the Act, with first tranche of measures (regarding illegal harms) coming into force in March 2025.

The Online Safety Act 2023 (Category 1, Category 2A and Category 2B Threshold Conditions) >

Law

In force from 27 February 2025.

Outlines the thresholds for categorisation under the Act which determines whether service providers are subject to additional duties to implement additional safety measures to protect users from online harms.

The Online Safety Act 2023 (Qualifying Worldwide Revenue) Regulations 2025 >

Law

In force from 8 October 2025.

Confirms how "qualifying worldwide revenue" will be determined for the purposes of imposing fines for breach of obligations under the Act.

Illegal content Codes of Practice for user-to-user services >

Codes of Practice

In force from 17 March 2025.

Outlines recommended measures for user-to-user services to comply with their duties to take proportionate measures to prevent users from encountering illegal content on the service, including mitigating the risk of harm to individuals, under section 10 of the Act

Service providers are not required to implement the recommendations set out in the Codes, but must implement alternative measures if they choose not to.

Illegal content Codes of Practice for search services >

Codes of Practice

In force from 17 March 2025.

Outlines recommended measures for search services to comply with their duties to take proportionate measures to prevent users from encountering illegal content on the service, including mitigating the risk of harm to individuals, under section 27 of the Act.

Service providers are not required to implement the recommendations set out in the Codes, but must implement alternative measures if they choose not to.

Protection of Children Code of Practice for user-to-user services >

Code of Practice

In force from 25 July 2025

Outlines recommended measures for user-to-user services which are likely to be accessed by children to comply with their duties under section 12 of the Act. Section 12 imposes a duty to take proportionate measures to prevent children from accessing content that is harmful to them and manage the risk of harm to children.

Service providers are not required to implement the recommendations set out in the Codes, but must implement alternative measures if they choose not to.

Protection of Children Code of Practice for search services >

Code of Practice

In force from 25 July 2025

Outlines recommended measures for search services to comply with their duties under section 29 of the Act. Section 29 imposes a duty to take proportionate measures to prevent children from accessing content that is harmful to them and manage the risk of harm to children.

Service providers are not required to implement the recommendations set out in the Codes, but must implement alternative measures if they choose not to.


  Key concepts

   Scope of online safety measure(s)

Applies to:

  • User-to-user services
  • Search services
  • Services that feature provider pornographic content

   Online harms addressed

  • Illegal content (including pornographic, terrorist and CSEA (Child Sexual Exploitation and Abuse) content)
  • Content which is lawful but harmful to children
  • Fraudulent advertising

   Territorial scope

Applies to UK-based services as well as services based abroad which have 'links to the UK' (based on number of UK users, target audience and risks to UK users).


   Penalties and enforcement

Wide enforcement powers including: notices of contravention; business interruption measures (eg, service restriction orders imposed on service providers or ancillary providers); fines of up to the higher of £18 million or 10% of global annual revenue; and criminal offences for senior management.



  Key takeaways
 

Proportionate tiered risk-based approach in terms of duties applicable to different categories of platforms

More comprehensive requirements for in-scope services that have a higher reach and present a higher risk

More stringent approach for children with regard to lawful but harmful content

More proactive approach required to compliance, compared to the existing reactive approach

Elevated importance of user choice and terms and conditions as part of 'triple shield' approach

Requirement to balance compliance with online safety duties with free speech considerations


Key contacts

Stay in the know

Receive timely insights and briefings from HSF Kramer, tailored to keep you informed and ahead

Subscribe now
TMT disputes Technology, media and entertainment, and telecommunications Technology, Media and Telecoms Hayley Brady Claire Wiseman James Balfour Rachel Kane